/****************************************
 * 2018 - 2021 版权所有 CopyRight(c) 快程乐码信息科技有限公司所有, 未经授权，不得复制、转发
 */

package com.kclm.security03.config.security.url;

import com.kclm.security03.modules.common.dto.output.ApiResult;
import com.kclm.security03.modules.common.util.ResponseUtil;
import lombok.extern.slf4j.Slf4j;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.web.access.AccessDeniedHandler;
import org.springframework.stereotype.Component;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;

/******************
 * <p> 认证url权限 - 登录后访问接口无权限 - 自定义403无权限响应内容 </p>
 * @Author yejf
 * @Version v1.0
 * @Create 2020-08-06 9:35
 * @Description 登录过后的权限处理 【注：要和未登录时的权限处理区分开哦~】
 */
@Component
@Slf4j
public class UrlAccessDeniedHandler implements AccessDeniedHandler {

    @Override
    public void handle(HttpServletRequest request, HttpServletResponse response, AccessDeniedException accessDeniedException) throws IOException, ServletException {
        log.debug("URL访问失败，也就是没有权限访问某个URL");
        ResponseUtil.out(response, ApiResult.fail(403, accessDeniedException.getMessage()));
    }
}
